Security devices, such as firewalls and routers, are typically configured with rules or routing access control lists (ACLs). Firewall rules and routing ACLs are generally sensitive and complex elements of networked systems. Their sensitivity derives from the importance of hardening external access to a company's data center and enterprise networks. Their complexity generally derives from the wide array of firewall infrastructure devices that may be in use in any company along with the rules logic in every security device.
Firewall performance is often as important as effective policy; a poorly defined rule base or configuration mistakes can cause both performance and security issues. Rule lists frequently run to thousands of entries, which adds to the complexity facing the network and security administrators who are responsible for managing those rules and for tracking change management of the rules and configuration.